Why is it important to have different passwords on different accounts?

Using a different password for every login is an important part of overall security and doesn't have to be difficult.


Is it safe to have the same password for all of my email accounts? If one has an account in Yahoo! mail, Gmail, rediff mail, etc., and sets the same password for all of them, will it be easier for a hacker or phisher to find out about it?

Using different passwords is much safer than using one password everywhere. In fact, I’ll say it’s critical these days.

Why?

Because hackers know that most people don’t take the trouble to set that up.

Admit it, you’re lazy

I’ll admit it, I’m lazy. And when it comes to trying to manage multiple passwords, I’d bet money that most people are as well.

One password everywhere is so much easier. It’s easier than even the easiest password management system. It just is.

It makes our lives easier: we don’t have to remember anything, and we don’t have to use any special tools to remember for us.

The problem is that it makes hackers’ lives easier too.

Hackers know we’re lazy

Hackers know that people find it easier in general to have one password everywhere.

Hackers also know that people generally have more than one account.

So hacking a single account can act as a foot in the door and lead to all sorts of mayhem.

One account leads to more

Quite often, it’s an easy guess: if a person logs in with username X and password Y on a system like Yahoo! mail, it’s likely that they use the same username X and password Y on other systems like Gmail, or on just about any other system they’re likely to use.

But by breaching one account, hackers are also often given clues that’ll let them easily access other accounts.

For example, your Facebook login is your email address and some password. Well, if they’ve hacked your email account and you use the same password everywhere, they now know how to log in as you on Facebook.

Account confirmations and notifications are also frequently sent via email. What that means is that your hacked email account might contain many clues as to just what other accounts that you might have.

If you use the same password everywhere, it’s smooth sailing for the hacker to quickly try those out and log in as you all over.

Hacks can happen through no fault of your own. You could be maintaining perfect security and still end up compromised.

Consider all of the places where you have online accounts. Now, let’s assume that the one with the weakest, poorest security gets hacked, and the contents of its entire username/password database are stolen, with your information in it.

You just got hacked and it wasn’t your fault.

If you’re using one password everywhere, the hackers now know it.

There can’t be only one

The bottom line is that using one password everywhere is a risk that you simply shouldn’t allow.

At a minimum, use unique passwords for your important accounts – like banking and other financially related activities.

And don’t forget that all of your email accounts are “important accounts”, particularly if they can be used for password recovery on other accounts. All a hacker might need to do is get into your email account, then run over to some other account and request a password reset to be emailed to that account, which they now control.

Managing lots of passwords

Whenever I talk about giving each login a different password, I get people who object (often strongly): “This makes no sense at all, no way am I going to remember all those passwords, especially if you’re going to insist that they’re complex on top of everything else”.

You don’t have to.

For example, I don’t know my online banking password. I just don’t. Who’s going to remember something like yFK86jk8q45B? (And no, that’s not it … I said something like…).
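Here is an added example, not from the original article, that puts the two ideas above into working code: the “one breached account leads to more” problem, and the “you don’t have to remember it” answer. It reads a constructed password-manager export (the four-column `name,url,username,password` layout is an assumption; real exports vary), groups accounts by password so you can see exactly how far one leaked password reaches, flags groups that contain an email account (the ones a password reset would go through), and then generates a fresh random replacement for every account in a reused group using Python’s `secrets` module. The sample rows, the `EMAIL_HINTS` list and the helper names are all constructed for this example.

```python
import csv
import io
import math
import secrets
import string
from collections import defaultdict

# Constructed sample export (not real credentials). Layout assumed: name,url,username,password.
SAMPLE_EXPORT = """name,url,username,password
Yahoo! Mail,https://mail.yahoo.com,alice@yahoo.com,Summer2024!
Gmail,https://mail.google.com,alice@gmail.com,Summer2024!
Facebook,https://facebook.com,alice@gmail.com,Summer2024!
Bank,https://bank.example,alice,yFK86jk8q45B
Forum,https://forum.example,alice42,Summer2024!
Shop,https://shop.example,alice@yahoo.com,Tr0ub4dor&3
"""

# Crude, assumed heuristic for "this is an email account" based on name/URL.
EMAIL_HINTS = ("mail", "gmail", "yahoo", "outlook", "rediff")

# Letters and digits only, so generated values look like the yFK86jk8q45B example.
ALPHABET = string.ascii_letters + string.digits


def parse_export(text):
    """Parse a CSV export into a list of dicts keyed by column name."""
    return list(csv.DictReader(io.StringIO(text)))


def is_email_account(entry):
    """True if the account name or URL looks like a mail service (password-reset target)."""
    haystack = (entry["name"] + " " + entry["url"]).lower()
    return any(hint in haystack for hint in EMAIL_HINTS)


def find_reuse(entries):
    """Map each reused password to the sorted names of the accounts sharing it."""
    groups = defaultdict(list)
    for entry in entries:
        groups[entry["password"]].append(entry["name"])
    return {pw: sorted(names) for pw, names in groups.items() if len(names) > 1}


def blast_radius(entries, breached_name):
    """If `breached_name` leaks its password, which other accounts fall with it?"""
    leaked = next(e["password"] for e in entries if e["name"] == breached_name)
    return sorted(e["name"] for e in entries
                  if e["password"] == leaked and e["name"] != breached_name)


def reuse_report(entries):
    """One line per reused password: how many accounts share it and whether
    an email account (usable for password resets elsewhere) is among them."""
    lines = []
    by_name = {e["name"]: e for e in entries}
    for names in find_reuse(entries).values():
        has_email = any(is_email_account(by_name[n]) for n in names)
        tag = " (includes an email account)" if has_email else ""
        lines.append(f"{len(names)} accounts share one password{tag}: {', '.join(names)}")
    return lines


def generate_password(length=16, alphabet=ALPHABET):
    """Random password from a CSPRNG; nobody needs to remember it, the manager does."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


def entropy_bits(length, alphabet=ALPHABET):
    """Entropy of a uniformly random password of `length` over `alphabet`."""
    return length * math.log2(len(alphabet))


def plan_rotation(entries, length=16):
    """Return {account name: new unique password} for every account in a reused group."""
    plan = {}
    for names in find_reuse(entries).values():
        for name in names:
            plan[name] = generate_password(length)
    return plan


if __name__ == "__main__":
    rows = parse_export(SAMPLE_EXPORT)
    for line in reuse_report(rows):
        print(line)
    print("If Forum is breached, also exposed:", blast_radius(rows, "Forum"))
    print(f"A 12-char random password here has ~{entropy_bits(12):.1f} bits of entropy")
    for name, new_pw in plan_rotation(rows).items():
        print(f"rotate {name}: {new_pw}")
```

Run it against a real export and `reuse_report` tells you which groups to fix first: any group that contains an email account is the one a hacker would use for password resets, which is exactly why the article treats email as an “important account”. `plan_rotation` hands back a distinct random password per account; the point is that you store them in the manager rather than memorise them.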


About Leo

Leo A. Notenboom has been playing with computers since he was required to take a programming class in 1976. An 18-year career as a programmer at Microsoft soon followed. After "retiring" in 2001, Leo started Ask Leo! in 2003 as a place for answers to common computer and technical questions.

Comments

QUESTION for your experts:
My PWs are in a 2007 Excel file which is encrypted (by Excel) and PW protected. Does this seem sufficient?
(Excel encryption isn’t great but 2007 is better than prior versions.)

@Michael
Excel password protection isn’t very good and is not difficult to crack. If you just have your passwords on your home desktop computer, that might be enough for you. TrueCrypt or even an encrypted zip file is much more secure. If you continue to use the Excel file for your passwords, you might want to give it a name which doesn’t give away the fact that it holds your passwords.

What will a hacker see if he somehow figures out the password for my Roboform or Lastpass?

I presently follow the rules for creating strong passwords, with something in each that links it in my mind to the specific site being accessed. I occasionally do mess up, but haven’t resorted to password storage yet.

Okay. I’m using it now and I’ve discovered it is most safe to log out of Last Pass after logging in to the needed websites. That way any unauthorized person attempting to use the computer can’t access anything else other than what’s already open.

Of course other security comes into play such as locking the computer when moving away from it.

Thanks for another great article, Leo, although I have read it a few times before. The “Best of” is still the best of! Thanks for turning me on to LastPass a couple of years ago, it has come in extremely handy, and the only real problem is taking the time to go through the LP Vault every once in a while and clean out the old stuff I do not need or use anymore!

I have the best solution (as far as I am concerned). I use a different password for everything and so I do not have to remember them, but I use an address book. I write down each place I have a password and do it in pencil so I can still change them when needed. I do this because I JUST DON’T trust the programs that will do it automatically.
Also, it’s written down in case a hard drive fails, etc.
One other good byproduct is that in my will, if anything happens, it’s divulged to my family where the passwords are so they can do what’s needed.
